
Security Advisory for SEP Management Vulnerabilities

Created: 14 Feb 2014 • Updated: 23 Jul 2014 | 8 comments

A High Severity Advisory which identifies multiple vulnerabilities in the Symantec Endpoint Protection Manager has been published and a BCS Bulletin is being sent. While there are no known exploits taking advantage of this vulnerability, Symantec is urging all customers to update their managers to the latest version, Symantec Endpoint Protection Manager 12.1 RU4a, as soon as possible. Clients are not affected and do not need to be updated. As part of normal best practices, Symantec strongly recommends keeping all operating systems and applications updated with the latest vendor patches. For detailed information on this vulnerability including the products and builds affected and information on obtaining an updated build, please review the advisory at:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00

 

Read this BLOG for entire details regarding this Advisory.


kennethSEPnewbie's picture

Is it necessary to perform an upgrade?  The versions (build versions) that I am managing are the following:

- 12.1.1101.411

- 12.1.3001.165

- 12.1.4013.4013

- 12.1.2015.2015

 

If it is urgent, is there a batch file or executable file that can be deployed for the build version to be upgraded instead of installing the whole SEP Manager and backing-up/restoring the database?

 

Regards.

SebastianZ's picture

Is it necessary to perform an upgrade?

- What is the version of your SEPM? Only SEPM server is vulnerable - no need to upgrade clients.

 

Affected Products

| Product | Version | Build | Solution(s) |
|---|---|---|---|
| Symantec Endpoint Protection Manager | 11.0 | All | Update to SEPM 11.0 RU7-MP4a (11.0.7405.1424) or later |
| Symantec Protection Center Small Business Edition | 12.0 | All | Update to SEPM 12.1 RU4a SBE (12.1.4023.4080) or later |
| Symantec Endpoint Protection Manager | 12.1 | All | Update to SEPM 12.1 RU4a (12.1.4023.4080) or later |

 

kennethSEPnewbie's picture

Hi SebastianZ,

As mentioned in my earlier post, here are the version(s) of Symantec Endpoint Protection SBE that I am managing:

- 12.1.1101.411

- 12.1.3001.165

- 12.1.4013.4013

- 12.1.2015.2015

Since it will be only the manager that I will be upgrading, I have some questions:

1. I will uninstall the SEPM and re-install it again.  The question is, what will happen to the clients if I don't, or fail to, back up the database? Will they still be able to communicate with the server?

2. Will the process be "On Top" or "Fresh Install"?

3. Does Symantec have, or has it created, a patch or installer file that I can just run to upgrade/update the build version without removing the whole SEP Manager, so that I will not have to go through:

  • Backing up the database and logs
  • Turning off/on the replication before the upgrade
  • Starting and stopping the service
  • Re-installing Symantec EPP Manager.

Regards.

Mick2009's picture

Hi kennethSEPnewbie,

 

This page may help answer your questions: 

SYM14-004 Symantec Endpoint Protection Management Vulnerabilities
http://www.symantec.com/docs/TECH214866

Specifically:

Q: Can I install SEPM 12.1 RU4a or SEPM 11 RU7 MP4a over the version that is currently installed?

A: Yes. SEPM 11 RU7 MP4a can be installed over any previous version of SEPM 11, and SEPM 12.1 RU4a can be installed over any previous version of SEPM 11 or 12.1, including SEPM 11 RU7 MP4a.

 

With thanks and best regards,

Mick

Srikanth_Subra's picture

Is it really necessary to perform this upgrade?

Please confirm whether in this update we need to upgrade clients also.

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Chief7's picture

I have a question about SEPM

We have 2 SEP managers here - versions are as follows:

(1) 12.1.3001.165

(2) 12.1.4023.4080 - Nessus scan shows this as being vulnerable

From reading your replies I would think manager (1) would show as vulnerable due to its revision. Can you please clarify?

Thanks

 

Clint's picture

In FileConnect there are 2 product lines for the regular SEP files and another for this SEPM vulnerability under "Update - Symantec Endpoint Protection Manager 11.x or 12.1".  Assuming one has yet to upgrade their environment from, say, SEP 11 to 12, do the respective download files under "Symantec Protection Suite Enterprise Edition 4.0" include this SEPM vulnerability update or would you still have to apply the fix thereafter?

Clint